From 2190ea78ce4212c98e6749d341e94ef8f26836a7 Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Thu, 24 Nov 2005 23:00:49 +0000 Subject: [PATCH] - Apply runuser PAM patch from bug #173807. Ship runuser PAM file. --- coreutils-5.2.1-runuser.patch | 126 ++++++++++++++-------------------- coreutils.spec | 8 ++- 2 files changed, 60 insertions(+), 74 deletions(-) diff --git a/coreutils-5.2.1-runuser.patch b/coreutils-5.2.1-runuser.patch index ae050d3..b58f5c7 100644 --- a/coreutils-5.2.1-runuser.patch +++ b/coreutils-5.2.1-runuser.patch @@ -75,7 +75,7 @@ readlink.1: $(common_dep) $(srcdir)/readlink.x ../src/readlink.c rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c -+runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/runuser.c ++runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c shred.1: $(common_dep) $(srcdir)/shred.x ../src/shred.c @@ -86,11 +86,17 @@ +runuser \- run a shell with substitute user and group IDs +[DESCRIPTION] +.\" Add any additional description here ---- coreutils-5.93/src/su.c.runuser 2005-11-14 10:54:44.000000000 +0000 -+++ coreutils-5.93/src/su.c 2005-11-14 10:54:44.000000000 +0000 -@@ -134,7 +134,9 @@ +--- coreutils-5.93/src/su.c 2005-11-14 10:54:44.000000000 +0000 ++++ coreutils-5.93/src/su.c 2005-11-24 16:12:18.000000000 +0000 +@@ -132,9 +132,15 @@ + #include "error.h" + /* The official name of this program (e.g., no `g' prefix). */ ++#ifndef RUNUSER #define PROGRAM_NAME "su" ++#else ++#define PROGRAM_NAME "runuser" ++#endif +#ifndef AUTHORS #define AUTHORS "David MacKenzie" @@ -98,7 +104,7 @@ #if HAVE_PATHS_H # include -@@ -172,6 +174,10 @@ +@@ -172,6 +178,10 @@ #ifndef USE_PAM char *crypt (); #endif 
@@ -109,7 +115,40 @@ char *getpass (); char *getusershell (); void endusershell (); -@@ -746,7 +752,7 @@ +@@ -303,10 +313,12 @@ + retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh); + PAM_BAIL_P; + ++#ifndef RUNUSER + if (getuid() != 0 && !isatty(0)) { + fprintf(stderr, "standard in must be a tty\n"); + exit(1); + } ++#endif + + caller = getpwuid(getuid()); + if(caller != NULL && caller->pw_name != NULL) { +@@ -323,6 +335,11 @@ + retval = pam_set_item(pamh, PAM_TTY, tty_name); + PAM_BAIL_P; + } ++#ifdef RUNUSER ++ if (getuid() != geteuid()) ++ /* safety net: deny operation if we are suid by accident */ ++ error(EXIT_FAIL, 1, "runuser may not be setuid"); ++#else + retval = pam_authenticate(pamh, 0); + PAM_BAIL_P; + retval = pam_acct_mgmt(pamh, 0); +@@ -332,6 +349,7 @@ + PAM_BAIL_P; + } + PAM_BAIL_P; ++#endif + /* must be authenticated if this point was reached */ + return 1; + #else /* !USE_PAM */ +@@ -746,7 +764,7 @@ : DEFAULT_SHELL); endpwent (); @@ -118,8 +157,8 @@ { #ifdef SYSLOG_FAILURE log_su (pw, false); ---- coreutils-5.93/src/Makefile.am.runuser 2005-11-14 10:54:44.000000000 +0000 -+++ coreutils-5.93/src/Makefile.am 2005-11-14 10:54:44.000000000 +0000 +--- coreutils-5.93/src/Makefile.am 2005-11-14 10:54:44.000000000 +0000 ++++ coreutils-5.93/src/Makefile.am 2005-11-24 16:18:58.000000000 +0000 @@ -17,7 +17,7 @@ ## along with this program; if not, write to the Free Software Foundation, ## Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
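Review bot: In the su.c hunk at -323,6 +335,11, the accidental-setuid guard under `#ifdef RUNUSER` runs only after `pam_start()` (hunk -303,10 +313,12) and `pam_set_item()` have been called, so a mistakenly setuid runuser has already entered libpam with an elevated effective uid before it is refused. The guard belongs ahead of `pam_start()`, and it could reject an accidental setgid install as well: `if (getuid() != geteuid() || getgid() != getegid())`. With `pam_authenticate()` and `pam_acct_mgmt()` compiled out for RUNUSER, the trailing comment `/* must be authenticated if this point was reached */` no longer describes that build. A comment inside the `#ifdef` would make this explicit, for example `/* runuser: no authentication or account check; only the setuid guard above gates this path */`. The enclosing function starts and ends outside these hunks, so the placement should be checked against the full file.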
@@ -129,15 +168,16 @@ bin_SCRIPTS = groups bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \ -@@ -91,6 +91,7 @@ - uptime_LDADD = $(LDADD) $(GETLOADAVG_LIBS) - +@@ -93,4 +93,8 @@ su_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@ -+runuser_LDADD = $(LDADD) $(LIB_CRYPT) ++runuser_SOURCES = su.c ++runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\"" ++runuser_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@ ++ $(PROGRAMS): ../lib/libcoreutils.a -@@ -106,7 +107,7 @@ +@@ -106,7 +110,7 @@ chmod +x $@-t mv $@-t $@ 
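Review bot: `runuser_CFLAGS` in the src/Makefile.am hunk (+93,4 +93,8) carries only preprocessor defines, which conventionally go in the per-target CPPFLAGS: `runuser_CPPFLAGS = $(AM_CPPFLAGS) -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""`. A per-target `_CFLAGS` replaces `AM_CFLAGS` for that program, so if this Makefile.am sets `AM_CFLAGS` (not visible in the hunk), runuser would be compiled without flags that su still gets. Since both binaries now come from the same su.c, a one-line comment above `runuser_SOURCES` would help, such as `# runuser is su.c built with -DRUNUSER: same PAM session code, no authentication`.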
@@ -146,66 +186,6 @@ installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'` ---- /dev/null 2005-10-10 09:36:06.437701000 +0100 -+++ coreutils-5.93/src/runuser.c 2005-11-14 10:55:29.000000000 +0000 -@@ -0,0 +1,57 @@ -+#define CHECKPASSWD 0 -+#define pam_start my_pam_start -+#define pam_end my_pam_end -+#define pam_setcred my_pam_setcred -+#define pam_open_session my_pam_open_session -+#define pam_close_session my_pam_close_session -+#define pam_strerror my_pam_strerror -+#define pam_getenvlist my_pam_getenvlist -+#define AUTHORS "David MacKenzie, Dan Walsh" -+#include "su.c" -+int pam_start(const char *service_name, const char *user, -+ const struct pam_conv *pam_conversation, -+ pam_handle_t **pamh) { -+ return PAM_SUCCESS; -+} -+int pam_end(pam_handle_t *pamh, int pam_status) { -+ return PAM_SUCCESS; -+} -+int pam_setcred(pam_handle_t *pamh, int flags){ -+ return PAM_SUCCESS; -+} -+int pam_open_session(pam_handle_t *pamh, int flags){ -+ if (getuid() != geteuid()) -+ /* safety net: deny operation if we are suid by accident */ -+ error(EXIT_FAIL, 1, "runuser may not be setuid"); -+ return PAM_SUCCESS; -+} -+int pam_close_session(pam_handle_t *pamh, int flags){ -+ return PAM_SUCCESS; -+} -+const char *pam_strerror(pam_handle_t *pamh, int err){ -+ return ""; -+} -+char **pam_getenvlist(pam_handle_t *pamh){ -+ return NULL; -+} -+ -+int misc_conv(int num_msg, const struct pam_message **msgm, -+ struct pam_response **response, void *appdata_ptr) { -+ return PAM_SUCCESS; -+} -+ -+int pam_authenticate(pam_handle_t *pamh, int flags) { -+ return PAM_SUCCESS; -+} -+ -+int pam_acct_mgmt(pam_handle_t *pamh, int flags) { -+ return PAM_SUCCESS; -+} -+ -+int pam_chauthtok (pam_handle_t *pamh, int flags) { -+ return PAM_SUCCESS; -+} -+ -+int pam_set_item(pam_handle_t *pamh, int item_type, const void *item) { -+ return PAM_SUCCESS; -+} --- coreutils-5.93/tests/help-version.runuser 2005-01-05 22:08:48.000000000 +0000 +++ coreutils-5.93/tests/help-version 2005-11-14 
10:54:45.000000000 +0000 @@ -136,6 +136,7 @@ diff --git a/coreutils.spec b/coreutils.spec index e5c0503..82f7b79 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -14,6 +14,7 @@ Source102: DIR_COLORS.xterm Source105: colorls.sh Source106: colorls.csh Source200: su.pamd +Source201: runuser.pamd # From upstream @@ -110,7 +111,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic" touch aclocal.m4 configure config.hin Makefile.in */Makefile.in */*/Makefile.in aclocal -I m4 autoconf --force -automake --copy --force +automake --copy --add-missing %configure --enable-largefile --with-afs %{?!nopam:--enable-pam} \ --enable-selinux \ || : @@ -171,6 +172,7 @@ for i in hostname uptime kill ; do done %{?!nopam:install -m 644 %SOURCE200 $RPM_BUILD_ROOT%_sysconfdir/pam.d/su} +%{?!nopam:install -m 644 %SOURCE201 $RPM_BUILD_ROOT%_sysconfdir/pam.d/runuser} bzip2 -f9 old/*/C* || : @@ -216,6 +218,7 @@ fi %config(noreplace) %{_sysconfdir}/DIR_COLORS* %config(noreplace) %{_sysconfdir}/profile.d/* %{?!nopam:%config(noreplace) /etc/pam.d/su} +%{?!nopam:%config(noreplace) /etc/pam.d/runuser} %doc ABOUT-NLS ChangeLog.bz2 NEWS README THANKS TODO old/* /bin/basename /bin/cat @@ -256,6 +259,9 @@ fi /sbin/runuser %changelog +* Thu Nov 25 2005 Tim Waugh +- Apply runuser PAM patch from bug #173807. Ship runuser PAM file. + * Tue Nov 14 2005 Dan Walsh 5.93-3 - Remove multiple from su.pamd
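Review bot: `Source201: runuser.pamd` is declared in the -14,6 +14,7 hunk and installed to `/etc/pam.d/runuser` in the -171,6 +172,7 hunk, but the diffstat lists only coreutils-5.2.1-runuser.patch and coreutils.spec, so the PAM file itself is not part of this commit. Unless it is already tracked elsewhere, the `install -m 644 %SOURCE201` step has nothing to copy. Because the patched su.c skips `pam_authenticate()` and `pam_acct_mgmt()` for runuser, that file's remaining stacks are the whole PAM policy the binary applies, so it should be reviewed together with this change. A comment on the Source line would record that, for example `# PAM service file for runuser; the binary does not consult auth/account stacks`.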